Przekazana: Odp: RE: help i've been hacked. :(
Bartosz Brewinski
BBrewinski at lukas.com.pl
Sun Aug 21 14:00:43 UTC 2005
of course
"mount -t <fs_type> /path/to/XYZ.image /mnt/XYZ"
should be
"mount -t <fs_type> -o loop /path/to/XYZ.image /mnt/XYZ"
bartek
>>> Bartosz Brewinski 2005-08-21 15:54:41 >>>
>>> cparker at swatgear.com 2005-08-21 00:39:48 >>>
> At this point I have not checked for a rootkit, though I plan to do
that
> before I wipe the box.
I think you should consider dumping partition data to some image ("dd
if=/dev/XYZ of=/abc/XYZ.image").
Benefits:
1) you could reinstall the machine without worrying about loss of
data/evidence/configuration.
2) you could examine disk contents many times later on some other
machine ("mount -t <fs_type> /path/to/XYZ.image /mnt/XYZ").
bartek
More information about the redhat-list
mailing list